Starting CISSP

garv221 Member Posts: 1,914
Just bought "Mike Myers Passport for CISSP". It's a pretty light book, I just read the first chapter and I wish I would have started this certification process earlier, I am very interested in it. I thought about doing Sec+ or SCCP first but I figured if I am going to spend the time studying, might as well get the top dog cert. This certification makes great sense with the practices it stresses and is something I have been doing for a few years now. I am not sure how long it will take me to be ready, but it will be easier for me to prepare as it is something that I actually enjoy to read. :D I have the experience and will have my CEO write the document needed to gain the cert after the test.

Comments

  • keatron Member Posts: 1,213
    garv221 wrote:
    Just bought "Mike Myers Passport for CISSP". It's a pretty light book, I just read the first chapter and I wish I would have started this certification process earlier, I am very interested in it. I thought about doing Sec+ or SCCP first but I figured if I am going to spend the time studying, might as well get the top dog cert. This certification makes great sense with the practices it stresses and is something I have been doing for a few years now. I am not sure how long it will take me to be ready, but it will be easier for me to prepare as it is something that I actually enjoy to read. :D I have the experience and will have my CEO write the document needed to gain the cert after the test.

    I like your can-do attitude and look forward to helping you out as much as possible here, but please take my advice and know that you'll need more than the Myers passport to pass this exam. A common study base is The Official Guide from ISC2, Shon Harris all-in-one, Vines and Krutz. Then you'll also need to supplement your weak areas with topic specific materials. Good luck to ya. Study hard and you'll be fine.

    Keatron
  • garv221 Member Posts: 1,914
    keatron wrote:
    I like your can-do attitude and look forward to helping you out as much as possible here, but please take my advice and know that you'll need more than the Myers passport to pass this exam. A common study base is The Official Guide from ISC2, Shon Harris all-in-one, Vines and Krutz. Then you'll also need to supplement your weak areas with topic specific materials. Good luck to ya. Study hard and you'll be fine.
    Keatron

    Thank you for the advice and encouragement. As soon as I picked up the book, I thought it was too thin! I saw the all in one and almost bought it. I plan on reading this book to get a foundation built, then do some practice tests. By that time my curiosity will gear me to fill in the missing gaps where my passport has missed. I know you have a lot of experience in this field, how long did it take you to prepare?
  • blackzone Member Posts: 82
    What's the format of this exam? It's all multiple choice dealing with security concepts?
  • keatron Member Posts: 1,213
    Garv221 to answer your question first; I read the Shon Harris book, the Vines book, along with the official study guide. I also read a couple of additional books just dealing with cryptography. To be honest with you, I've done pretty much nothing but security consulting and management for the last 6 years, so most of the material was just review for me, but I'm all about completeness, and reading several different sources gave me a level of completeness I wouldn't have gotten from just one source. To answer the second part of your question, I probably spent 10 months on and off preparing. You know, read for a week straight, then be in Brazil consulting for 2 weeks, then come home for a couple of weeks, read maybe a day, then spend the rest of my time with the family. My thing is this; the quality of your study time is just as important as the quantity. In other words, 2 hours of completely focused quality study is better than 4 hours of broken and poor quality study time.

    To blackzone, it's 250 multiple choice questions. And it deals with more than just security concepts. It deals with all 10 of the CBK domains. I would advise not to quickly adopt the mile wide inch deep concept while you're preparing. Really take some time and nail those domains down. Everything covered in those domains is fair game. I hear so many people leaving the exam frustrated because it was "much deeper" than they were promised. And my question is always "who promised you it would be shallow". Good luck to both of you.
  • garv221 Member Posts: 1,914
    Thanks for the reply. I like the management aspect of it, seems almost common sense. Where do people tend to find this difficult?
  • keatron Member Posts: 1,213
    garv221 wrote:
    Thanks for the reply. I like the management aspect of it, seems almost common sense. Where do people tend to find this difficult?
    The difficulty usually comes from not being able to make management decisions (more specifically, judgement calls). A pointer I always give to people concerning the management questions is ALWAYS think through to what the end result of that management decision is probably going to be. By doing this you will easily cross out some wrong answers that might initially seem to be correct.
  • garv221 Member Posts: 1,914
    Just an update, I am still studying and grinding away at this...I have been extremely busy at the office, some nights not leaving until midnight.. I went 5 days without reading. Found my book in my home office open, face down and now my book is forever creased and stuck open.
  • Ten9t6 Member Posts: 691
    Keatron, nailed this one.... I used the passport book as a brief overview. Heck, the test book is almost as big as that book..haha..

    The official study guide was not out at the time I took the exam, so I can not comment on it. The main source of information was the Shon Harris book. I also used a few books by Krutz and Vines.... They all cover the domains, but some of them did a little better areas.
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • elgecko69 Member Posts: 17
    Keatron,
    I have read Shon Harris and Vines, and have used CBT Nuggets. Are there any holes in these materials? What other sources would you recommend?
  • drakhan2002 Member Posts: 111
    A lot of this depends upon your experience as well. The Mike Meyers book, I've heard is pretty good. I used the Exam Cram book to get a general overview of the subject matter contained within the test.

    As far as the Shon Harris book, I wouldn't bother - it is laden with "fluff." I've posted how I prepared for the exam in another post, so I won't repeat myself here - but it really does come down to experience.

    If you have the 4 years (or 3 years or 2 years, depending upon your previous academic achievements), then you should do fine on the CISSP.

    I have a friend at work who is a mere 3 years out of college. He has his Security+. During his prep for the exam (taking it on April 7), he told me that the Security+ laid a great foundation for him. If you have the Security+, then it sounds like some of the domain information may be just repeated information (which is good!).

    Read the Meyers book and enjoy it. Struggle through the Shon Harris book, but that silly woman has got to stop her stupid comments and "fluff" in that book (my opinion). Get some good notes from cccure.org and take a bunch of practice tests...you'll do fine!

    Good luck!!
    It's not the moments of pleasure, it's the hours of pursuit...
  • JDMurray Admin Posts: 13,090
    As far as the Shon Harris book, I wouldn't bother - it is laden with "fluff."
    I'm glad that you made this observation. It seems that Harris is writing for an audience that doesn't have much practical experience in the ten CBK domains. I assume this is because no InfoSec professional will naturally be knowledgeable in all subjects of all ten domains, and therefore she writes in such a way to teach people about the domains as if they are unfamiliar subjects. The "fluff" in her writing is the material the reader fundamentally needs to know in order to understand the subjects of the domains, but is not necessarily information that will appear in the questions on the exam. In this regard, Harris' book is not just a CISSP prep guide, but also an Information Security "what is" encyclopedia.
  • keatron Member Posts: 1,213
    jdmurray wrote:
    As far as the Shon Harris book, I wouldn't bother - it is laden with "fluff."
    I'm glad that you made this observation. It seems that Harris is writing for an audience that doesn't have much practical experience in the ten CBK domains. I assume this is because no InfoSec professional will naturally be knowledgeable in all subjects of all ten domains, and therefore she writes in such a way to teach people about the domains as if they are unfamiliar subjects. The "fluff" in her writing is the material the reader fundamentally needs to know in order to understand the subjects of the domains, but is not necessarily information that will appear in the questions on the exam. In this regard, Harris' book is not just a CISSP prep guide, but also an Information Security "what is" encyclopedia.

    I agree totally with JD here.

    Elgecko69, whether or not there are holes will depend in part on your experience and more importantly, your understanding of what you have read. If you still feel like there's "something missing" from any of the domains you've studied then there probably is. So this is when you seek other resources that are specific to those domains.
  • elgecko69 Member Posts: 17
    Thanks for the input. I am looking to sit this test in mid May. I will post results.
  • drakhan2002 Member Posts: 111
    jdmurray wrote:
    It seems that Harris is writing for an audience that doesn't have much practical experience in the ten CBK domains. I assume this is because no InfoSec professional will naturally be knowledgeable in all subjects of all ten domains, and therefore she writes in such a way to teach people about the domains as if they are unfamiliar subjects. The "fluff" in her writing is the material the reader fundamentally needs to know in order to understand the subjects of the domains, but is not necessarily information that will appear in the questions on the exam. In this regard, Harris' book is not just a CISSP prep guide, but also an Information Security "what is" encyclopedia.

    You make a good argument JD. I suppose that Shon had to write that book in that way. Although I didn't read the book, I do own it and use it for reference from time to time. What drove me nuts was the stupid comments at the beginning of every section...they just got under my skin. LOL - just give me the information, spare the comedy! I guess I'm not a big fan of Shon Harris...

    Anyway, to the OP, good luck in May - I hope you do well on the exam!!
    It's not the moments of pleasure, it's the hours of pursuit...
  • keatron Member Posts: 1,213
    jdmurray wrote:
    It seems that Harris is writing for an audience that doesn't have much practical experience in the ten CBK domains. I assume this is because no InfoSec professional will naturally be knowledgeable in all subjects of all ten domains, and therefore she writes in such a way to teach people about the domains as if they are unfamiliar subjects. The "fluff" in her writing is the material the reader fundamentally needs to know in order to understand the subjects of the domains, but is not necessarily information that will appear in the questions on the exam. In this regard, Harris' book is not just a CISSP prep guide, but also an Information Security "what is" encyclopedia.

    You make a good argument JD. I suppose that Shon had to write that book in that way. Although I didn't read the book, I do own it and use it for reference from time to time. What drove me nuts was the stupid comments at the beginning of every section...they just got under my skin. LOL - just give me the information, spare the comedy! I guess I'm not a big fan of Shon Harris...

    Anyway, to the OP, good luck in May - I hope you do well on the exam!!

    I do have to agree, sometimes her commentary is weird and does not fit the material at all.
  • JDMurray Admin Posts: 13,090
    What drove me nuts was the stupid comments at the beginning of every section...they just got under my skin. LOL - just give me the information, spare the comedy!
    keatron wrote:
    I do have to agree, sometimes her commentary is weird and does not fit the material at all.
    Speaking as a published author, the writer(s) of a book do not have full control over what content goes into the book. The publisher also has a team of people that work on the book during and after the content creation process. The team will make whatever changes are felt necessary to make the book more marketable to the people that the book is targeted. Sometimes changes are experimental, such as adding humorous artwork or writing that is not typical of that publisher--but not all experiments are successful. For example, O'Reilly books can be full of humor, and it's always done well because O'Reilly has been using humor in tech books for a long time. As for Osborne/McGraw-Hill books, ah, maybe not so much. ;)

    I have a feeling that those quips at the beginning of each section were added to comfort anxious readers who felt overwhelmed by the avalanche of material that is presented in the book. Neither of you guys are the typical readership for the Harris book, which are people new to InfoSec and interested in learning about the content of the CISSP exam, so the presentation of the material seems hokey to you both.